Privacy policy.
1. Introduction
I am committed to protecting and respecting your privacy. This policy explains how I collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information I Collect
I may collect and process the following personal data:
Identifying Information: Name, contact details (phone number, email, address).
Personal Information: Information you share during assessment and therapy sessions or via voluntarily completed questionnaires, such as information about your current and previous psychological and physical health, your current and previous social and family circumstances, as well as possible sensitive personal information such as your religious/faith beliefs and your sexual behaviour or orientation, and GP details.
Administrative Information: Records of appointments, payments, and correspondence.
3. How I Use Your Information
I use your data for the following purposes:
To provide psychological and counselling services.
To manage appointments, payments, and communications.
To comply with legal and regulatory obligations (e.g., safeguarding concerns).
4. Lawful Basis for Processing
I process your data based on the following lawful bases under UK GDPR:
Consent: You provide explicit consent for us to collect and use your data.
Contractual Obligation: To provide the counselling service you have requested.
Legal Obligation: Where required by law (e.g., safeguarding, court orders).
Legitimate Interest: To ensure the effective running of our practice.
5. Data Sharing
I will not share your personal data with third parties unless:
You provide explicit consent.
It is necessary for safeguarding purposes.
It is required by law (e.g., court order).
A GP or emergency service needs to be informed for your safety.
I may discuss your personal information in supervision for the purposes of ensuring that my practice is safe and effective, and as mandated by my professional bodies. I will use a pseudonym when I share your information in supervision.
6. Data Retention
I keep records for seven years after the last appointment (in line with professional guidelines). After this period, data is securely deleted.
7. Your Rights
Under UK GDPR, you have rights regarding your personal data:
Access: Request a copy of your data.
Rectification: Request corrections to inaccurate data.
Erasure: Request deletion of your data (subject to legal requirements).
Restriction: Request limited processing of your data.
Objection: Object to how we process your data.
Data Portability: Request transfer of your data to another service provider.
To exercise these rights, contact Dr Joanna Jackson via email: contactdrjoannajackson@gmail.com
8. Security of Your Data
We take appropriate security measures to protect your data, including encrypted storage and access controls.
9. Contact Information
If you have any concerns about how we handle your data, please contact Dr Joanna Jackson via email: contactdrjoannajackson@gmail.com
10. Complaints
If you believe we have not handled your data properly, you can contact the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113
Last updated: March 2025